From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Breno Leitao <leitao@debian.org>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 03/30] tcp: tcp_make_synack() can be called from process context
Date: Mon, 20 Mar 2023 15:54:27 +0100 [thread overview]
Message-ID: <20230320145420.360091550@linuxfoundation.org> (raw)
In-Reply-To: <20230320145420.204894191@linuxfoundation.org>
From: Breno Leitao <leitao@debian.org>
[ Upstream commit bced3f7db95ff2e6ca29dc4d1c9751ab5e736a09 ]
tcp_rtx_synack() now could be called in process context as explained in
0a375c822497 ("tcp: tcp_rtx_synack() can be called from process
context").
tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU
variables with preemption enabled. This causes the following BUG:
BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464
caller is tcp_make_synack+0x841/0xac0
Call Trace:
<TASK>
dump_stack_lvl+0x10d/0x1a0
check_preemption_disabled+0x104/0x110
tcp_make_synack+0x841/0xac0
tcp_v6_send_synack+0x5c/0x450
tcp_rtx_synack+0xeb/0x1f0
inet_rtx_syn_ack+0x34/0x60
tcp_check_req+0x3af/0x9e0
tcp_rcv_state_process+0x59b/0x2030
tcp_v6_do_rcv+0x5f5/0x700
release_sock+0x3a/0xf0
tcp_sendmsg+0x33/0x40
____sys_sendmsg+0x2f2/0x490
__sys_sendmsg+0x184/0x230
do_syscall_64+0x3d/0x90
Avoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use
TCP_INC_STATS() which is safe to be called from context switch.
Fixes: 8336886f786f ("tcp: TCP Fast Open Server - support TFO listeners")
Signed-off-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20230308190745.780221-1-leitao@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp_output.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 2a9e55411ac42..8b2d49120ce23 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3300,7 +3300,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst,
th->window = htons(min(req->rsk_rcv_wnd, 65535U));
tcp_options_write((__be32 *)(th + 1), NULL, &opts);
th->doff = (tcp_header_size >> 2);
- __TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
+ TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
#ifdef CONFIG_TCP_MD5SIG
/* Okay, we have all we need - do the md5 hash if needed */
--
2.39.2
next prev parent reply other threads:[~2023-03-20 15:01 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 14:54 [PATCH 4.14 00/30] 4.14.311-rc1 review Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 01/30] ext4: fix cgroup writeback accounting with fs-layer encryption Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 02/30] fs: sysfs_emit_at: Remove PAGE_SIZE alignment check Greg Kroah-Hartman
2023-03-20 14:54 ` Greg Kroah-Hartman [this message]
2023-03-20 14:54 ` [PATCH 4.14 04/30] nfc: pn533: initialize struct pn533_out_arg properly Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 05/30] qed/qed_dev: guard against a possible division by zero Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 06/30] net: tunnels: annotate lockless accesses to dev->needed_headroom Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 07/30] net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 08/30] nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 09/30] net: usb: smsc75xx: Limit packet length to skb->len Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 10/30] nvmet: avoid potential UAF in nvmet_req_complete() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 11/30] block: sunvdc: add check for mdesc_grab() returning NULL Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 12/30] ipv4: Fix incorrect table ID in IOCTL path Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 13/30] net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 14/30] net/iucv: Fix size of interrupt data Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 15/30] ethernet: sun: add check for the mdesc_grab() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 16/30] hwmon: (adt7475) Display smoothing attributes in correct order Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 17/30] hwmon: (adt7475) Fix masking of hysteresis registers Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 18/30] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 19/30] media: m5mols: fix off-by-one loop termination error Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 20/30] mmc: atmel-mci: fix race between stop command and start of next command Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 21/30] rust: arch/um: Disable FP/SIMD instruction to match x86 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 22/30] ext4: fail ext4_iget if special inode unallocated Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 23/30] ext4: fix task hung in ext4_xattr_delete_inode Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 24/30] sh: intc: Avoid spurious sizeof-pointer-div warning Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 25/30] ftrace: Fix invalid address access in lookup_rec() when index is 0 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 26/30] fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 27/30] drm/i915: Dont use stolen memory for ring buffers with LLC Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 28/30] serial: 8250_em: Fix UART port type Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 29/30] HID: core: Provide new max_buffer_size attribute to over-ride the default Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 4.14 30/30] HID: uhid: Over-ride the default maximum data buffer value with our own Greg Kroah-Hartman
2023-03-20 17:19 ` [PATCH 4.14 00/30] 4.14.311-rc1 review Chris Paterson
2023-03-21 7:14 ` Naresh Kamboju
2023-03-21 11:51 ` Jon Hunter
2023-03-21 23:12 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230320145420.360091550@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=leitao@debian.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).